Tag Archives: Network

SIP Abuse from Amazon EC2

OK, so I’ve been slacking again. Actually, I’ve been busy. Recently our VOIP server was receiving a SIP registration attack. The source IP was one from Amazon’s EC2 network. Having blocked them on the firewall at my end-point, the attack continued to try and send data to my system. I followed protocol, and sent an abuse report to Amazon EC2. The abuse report contained a graph of the on-going data.

It also contained a cut-down of the logs, showing which IP from their network was attacking our system, and an explanation of what was happening. This was also CC’d to my ISP. I don’t normally CC them in on abuse reports, as when sending them for SSH attacks there’s a lot of them; however, this isn’t the first time it’s happened from the Amazon network, and the data usage was incredibly large and persisted even after blocking on the firewall. Fortunately for me, my ISP (Andrews and Arnold) gives me a lot of control over my lines, including routing tables specific to IPs that I have allocated, and in this instance it took un-routing the subnet from my lines before the traffic stopped (though, according to someone at my ISP, the attack continued for some hours after un-routing the subnet).

Anyway, I received a response from Amazon today. They quoted the IP address of my server that the attack was going to and had this to say:

Thank you for submitting your abuse report. There was no single customer using the source IP address(es) during the time you provided. This may be due to the fact that we do not own the IP address(es), the time or time zone you provided was incorrect, or there were multiple customers with instances running during the time and IP address(es) you specified. You may try re-submitting your report with a different time if you wish.

What that reads to me is “I didn’t actually look that closely at the logs and ignored most of the information that told me the time-zone which your network is using, I also don’t know how to read logs, and assumed the IP address was a different one from what you had quoted.” I have responded, telling them of their mistake. I have told them again which time-zone the logs are in, and I have told them again which IP address they should be looking at in the logs. Today, the entire Amazon EC2 network has blocked access to my VOIP server. What this means is that if there is anyone using Amazon EC2 legitimately for a VOIP server, they cannot directly call our numbers. I doubt this actually happens very often anyway, but the least I expect from a company like Amazon when sending in an abuse report is that they actually give it to someone that has more than a single brain cell and doesn’t know what a computer is.

We’ll see what happens with this, but I’m not hopeful, and will never recommend Amazon’s EC2 service to anyone.

J
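An added example (not part of the original post): one way to cut SIP logs down for an abuse report so that each attacking source and the time zone cannot be misread, with every timestamp converted to explicit UTC. It assumes Asterisk chan_sip-style NOTICE lines, which the post does not specify; the log lines, addresses and offset are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed Asterisk chan_sip-style line; adapt the pattern to your server's log format.
FAILED_REG = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\].*"
    r"Registration from '[^']*' failed for "
    r"'(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<why>.+)$"
)

def summarise(lines, log_tz):
    """Group failed REGISTERs by source IP; all times are converted to UTC."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None, "reasons": set()})
    for line in lines:
        m = FAILED_REG.match(line.strip())
        if not m:
            continue  # ignore anything that is not a failed registration
        local = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=log_tz)
        utc = local.astimezone(timezone.utc)
        s = stats[m["src"]]
        s["count"] += 1
        s["first"] = utc if s["first"] is None else min(s["first"], utc)
        s["last"] = utc if s["last"] is None else max(s["last"], utc)
        s["reasons"].add(m["why"])
    return dict(stats)

def report(stats, target_ip):
    """Render one line per source, busiest first, with explicit UTC timestamps."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    rows = sorted(stats.items(), key=lambda kv: -kv[1]["count"])
    return [
        f"src={ip} dst={target_ip} proto=SIP/REGISTER failures={s['count']} "
        f"first_seen={s['first'].strftime(fmt)} last_seen={s['last'].strftime(fmt)}"
        for ip, s in rows
    ]

# Constructed sample log (documentation addresses, server clock on UTC+1).
SAMPLE = """\
[2010-06-01 00:30:05] NOTICE[2301] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.23' - Wrong password
[2010-06-01 00:30:06] NOTICE[2301] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.23' - No matching peer found
[2010-06-01 00:31:40] NOTICE[2301] chan_sip.c: Registration from '"500" <sip:500@192.0.2.10>' failed for '203.0.113.7:5071' - Wrong password
[2010-06-01 00:31:41] VERBOSE[2301] logger.c: unrelated line
""".splitlines()

if __name__ == "__main__":
    for row in report(summarise(SAMPLE, timezone(timedelta(hours=1))), "192.0.2.10"):
        print(row)
```

For a zone with daylight saving, pass a `zoneinfo.ZoneInfo` object as `log_tz` instead of a fixed offset. Note that the local date 2010-06-01 becomes 2010-05-31 in UTC, exactly the kind of shift that makes a provider look up the wrong tenant.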

There’s no place like ::1

With the move of house comes a lot of other movements of technology. At the old place, I was on Virgin Media’s Broadband. Although I did not have any problems with them, I do know people that had more than their fair share. I think in the course of 2 years my line went down for a total of 2 minutes, and I think that’s fairly acceptable. However, it lacks some features. A dynamic IPv4 address (and only 1) means I had to write some rather complex scripts, due to my server blocking SSH access from anywhere unless it’s a “Known Location”. These locations normally consist of my place of work, my home, and my parents’ houses for when I visit them.

Although IPv4 is being exhausted, many people are still using it; in fact, pretty much everyone on the Internet is using IPv4 in one way or another. For me, my new connection has a /28 mask of addresses. Call me selfish, but this does give all my machines external IPs, and then I’m NAT-ing Wifi connections, because they don’t need external addresses. It also has native IPv6 on the new line. There is still very much a case of “No one’s using IPv6 so we don’t support it” and also “many things still don’t support it, so I don’t have IPv6”. In my 2 years working at Dyalog, I have moved our internal systems to IPv6, and so far 50% of our servers are on IPv6. The interpreter received its required changes to support IPv6 in version 12, and some of these will be improved in 12.1, and this improvement will most likely be on-going.

So, to IPv6, and who supports it? Well, Google have had IPv6 work going on for a long time now, and you have been able to access http://ipv6.google.com to run your web searches. However, they only resolve www.google.com as an IPv6 address if your ISP has registered with them. I can understand this to some extent, but on the other hand, it might hold things back, as there’s a lot of people beating their ISPs to IPv6 with tunneling over IPv4. Google here have proved that a move to IPv6 can be done without too much effort, providing you can release resources into the change, and you have a good firewall. Remember, NAT is not a firewall.

What about ISPs, what are they doing about IPv6? Well, Andrews and Arnold seem to be among the few ISPs offering native IPv6 in the UK; I believe there are currently no more than 3 ISPs offering such service. Why? Maybe they don’t see the point because not many sites are using it yet. Well, here’s some news: every site I run has IPv6, that is my personal sites and company sites. Google also have IPv6. So what are we waiting for?

Consumer devices are where my attention is grabbed. Can you name a single off-the-shelf consumer-grade router / modem that supports IPv6? I cannot, and I can’t see someone at home spending thousands on Cisco gear to have IPv6. My solution to this was to buy a consumer-grade Asus WL-500gp router, and flash its firmware with Linux. This now gives me IPv6, along with IP4 and IP6 firewalls that I am personally comfortable with configuring.

Maybe the big problem here with ISPs supporting IPv6 is that the consumer devices do not yet support such a thing; this means it is completely pointless having the ISPs support it. IPv6 is moving forwards, and in the last year or 2 there have been some very big movements. Unfortunately, these movements are not going fast enough, and until consumer devices support IPv6 this movement will be a slow trickle. We only need one or two big ISPs to start supporting IPv6 in the UK for it to take off like a rocket over here, so maybe this is a cry to the manufacturers of the consumer devices to support IPv6 so the ISPs can also support it.

Get on the IPv6 bandwagon; this is a vote for IPv6 to move forward.